Robinhood kept non-encrypted passwords in the company’s systems

Unicorn Robinhood, an investment and stock trading app, has revealed it was storing some of its user data in plaintext on internal systems.

In other words, things like passwords were left unencrypted. Usually, this sort of information is kept encrypted on servers to avoid exposing it to the risk of being accessed in a hack.

Robinhood claims it usually has standards and processes in place to ensure no one at the company can read people’s passwords. However, this does not seem to have been the case this time.

The FinTech company sent out an email earlier in the week, telling users who were affected that their password may have been stored in a readable format. Robinhood said the enterprise conducted a review of the matter. It “found no evidence that this information was accessed by” any outsiders. The company then advised users to change their passwords.

Robinhood neglected to tell TechCrunch how long the passwords had been stored for.

The news comes just days after Robinhood increased its valuation to $7.6bn, making it a unicorn seven times over. The additional valuation came about after the FinTech company closed a $323m Series E funding round.

DST Global, a Hong Kong-based investor focused on late-stage deals in the internet industry, led the round. Ribbit Capital, a Californian venture capital firm, joined the round together with fellow venture capital firms New Enterprise Associates, Sequoia, and Thrive Capital.


Copyright © 2018 RegTech Analyst
